Skip to content

WW-5618 feat(json): add configurable limits for DoS prevention #1626

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
lukaszlenart wants to merge 1 commit into
base: release/struts-6-8-x
Choose a base branch
from

WW-5618 feat(json): add configurable limits to JSON plugin for DoS pr…

c4c6474
Select commit
Loading
Failed to load commit list.
Open

WW-5618 feat(json): add configurable limits for DoS prevention #1626

WW-5618 feat(json): add configurable limits to JSON plugin for DoS pr…
c4c6474
Select commit
Loading
Failed to load commit list.
SonarQubeCloud / SonarCloud Code Analysis failed Mar 17, 2026 in 4m 29s

Quality Gate failed

Failed conditions
25 Security Hotspots
42.6% Coverage on New Code (required ≥ 80%)
3.4% Duplication on New Code (required ≤ 3%)
E Security Rating on New Code (required ≥ A)
E Reliability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

Annotations

Check warning on line 76 in core/src/test/java/com/opensymphony/xwork2/interceptor/ExceptionMappingInterceptorTest.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Remove this use of "Action"; it is deprecated. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qS6Zx8DDPyt_bmH8&open=AZz8qS6Zx8DDPyt_bmH8&pullRequest=1626

Check warning on line 488 in core/src/test/java/com/opensymphony/xwork2/util/StrutsLocalizedTextProviderTest.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Remove this use of "ActionContext"; it is deprecated. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qSzcx8DDPyt_bmF0&open=AZz8qSzcx8DDPyt_bmF0&pullRequest=1626

Check warning on line 127 in plugins/embeddedjsp/src/main/java/org/apache/struts2/JSPLoader.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

This block of commented-out lines of code should be removed. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qU-Kx8DDPyt_bnNZ&open=AZz8qU-Kx8DDPyt_bnNZ&pullRequest=1626

Check warning on line 147 in core/src/test/java/com/opensymphony/xwork2/interceptor/PrepareInterceptorTest.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Remove this use of "ActionInvocation"; it is deprecated. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qS7xx8DDPyt_bmJN&open=AZz8qS7xx8DDPyt_bmJN&pullRequest=1626

Check failure on line 52 in core/src/main/java/com/opensymphony/xwork2/config/impl/AbstractMatcher.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Make non-static "wildcard" transient or serializable. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qQTsx8DDPyt_blr9&open=AZz8qQTsx8DDPyt_blr9&pullRequest=1626

Check warning on line 525 in plugins/embeddedjsp/src/main/java/org/apache/struts2/jasper/runtime/JspRuntimeLibrary.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Use "Float.parseFloat" for this string-to-float conversion. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qUfLx8DDPyt_bm5K&open=AZz8qUfLx8DDPyt_bm5K&pullRequest=1626

Check warning on line 156 in plugins/embeddedjsp/src/main/java/org/apache/struts2/jasper/compiler/Dumper.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Add the "@Override" annotation above this method signature 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qULNx8DDPyt_bmsB&open=AZz8qULNx8DDPyt_bmsB&pullRequest=1626

Check failure on line 632 in plugins/embeddedjsp/src/main/java/org/apache/struts2/jasper/xmlparser/EncodingMap.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Define a constant instead of duplicating this literal "Cp1140" 4 times. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qT0Lx8DDPyt_bmbt&open=AZz8qT0Lx8DDPyt_bmbt&pullRequest=1626

Check failure on line 164 in core/src/main/java/com/opensymphony/xwork2/interceptor/ExceptionMappingInterceptor.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Make non-static "categoryLogger" transient or serializable. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qQfex8DDPyt_blua&open=AZz8qQfex8DDPyt_blua&pullRequest=1626

Check warning on line 91 in core/src/test/java/com/opensymphony/xwork2/validator/ActionValidatorManagerTest.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

This block of commented-out lines of code should be removed. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qTGtx8DDPyt_bmN2&open=AZz8qTGtx8DDPyt_bmN2&pullRequest=1626

Check warning on line 283 in core/src/test/java/com/opensymphony/xwork2/interceptor/ExceptionMappingInterceptorTest.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Remove this use of "ActionProxy"; it is deprecated. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qS6Zx8DDPyt_bmIK&open=AZz8qS6Zx8DDPyt_bmIK&pullRequest=1626

Check warning on line 88 in core/src/main/java/org/apache/struts2/interceptor/ActionMappingParametersInterceptor.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Remove this use of "buildNoNestedWrapping"; it is deprecated. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qRMwx8DDPyt_bl6z&open=AZz8qRMwx8DDPyt_bl6z&pullRequest=1626

Check warning on line 113 in core/src/test/java/com/opensymphony/xwork2/interceptor/PrepareInterceptorTest.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Remove this use of "ActionProxy"; it is deprecated. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qS7xx8DDPyt_bmI_&open=AZz8qS7xx8DDPyt_bmI_&pullRequest=1626

Check failure on line 62 in core/src/test/java/com/opensymphony/xwork2/util/ClassPathFinderTest.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Add at least one assertion to this test case. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qS3Dx8DDPyt_bmGq&open=AZz8qS3Dx8DDPyt_bmGq&pullRequest=1626

Check warning on line 188 in plugins/embeddedjsp/src/main/java/org/apache/struts2/el/lang/ELSupport.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Provide the parametrized type for this generic. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qU5Ex8DDPyt_bnKY&open=AZz8qU5Ex8DDPyt_bnKY&pullRequest=1626

Check failure on line 27 in plugins/embeddedjsp/src/main/java/org/apache/struts2/jasper/tagplugins/jstl/core/Import.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Refactor this method to reduce its Cognitive Complexity from 23 to the 15 allowed. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qUV7x8DDPyt_bmy2&open=AZz8qUV7x8DDPyt_bmy2&pullRequest=1626

Check warning on line 272 in plugins/embeddedjsp/src/main/java/org/apache/struts2/el/parser/ELParser.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Reorder the modifiers to comply with the Java Language Specification. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qU1Jx8DDPyt_bnGg&open=AZz8qU1Jx8DDPyt_bnGg&pullRequest=1626

Check warning on line 163 in plugins/oval/src/test/java/org/apache/struts2/oval/interceptor/OValValidationInterceptorTest.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Remove this use of "ActionProxy"; it is deprecated. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qV00x8DDPyt_bnYr&open=AZz8qV00x8DDPyt_bnYr&pullRequest=1626

Check warning on line 46 in core/src/main/java/com/opensymphony/xwork2/conversion/impl/XWorkList.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Provide the parametrized type for this generic. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qQ0ox8DDPyt_bl2E&open=AZz8qQ0ox8DDPyt_bl2E&pullRequest=1626

Check warning on line 46 in core/src/test/java/com/opensymphony/xwork2/interceptor/ParameterFilterInterceptorTest.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Remove this use of "ActionInvocation"; it is deprecated. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qS8wx8DDPyt_bmJi&open=AZz8qS8wx8DDPyt_bmJi&pullRequest=1626

Check warning on line 687 in core/src/test/java/org/apache/struts2/interceptor/FileUploadInterceptorTest.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Remove this use of "ActionContext"; it is deprecated. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qSdLx8DDPyt_bmA7&open=AZz8qSdLx8DDPyt_bmA7&pullRequest=1626

Check warning on line 151 in core/src/test/java/com/opensymphony/xwork2/util/StrutsLocalizedTextProviderTest.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Remove this use of "ActionProxy"; it is deprecated. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qSzcx8DDPyt_bmFO&open=AZz8qSzcx8DDPyt_bmFO&pullRequest=1626

Check warning on line 59 in core/src/test/java/com/opensymphony/xwork2/ChainResultTest.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Remove this use of "ValueStack"; it is deprecated. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qTdmx8DDPyt_bmYD&open=AZz8qTdmx8DDPyt_bmYD&pullRequest=1626

Check warning on line 530 in plugins/embeddedjsp/src/main/java/org/apache/struts2/jasper/compiler/SmapUtil.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Add the "@Override" annotation above this method signature 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qUAIx8DDPyt_bmib&open=AZz8qUAIx8DDPyt_bmib&pullRequest=1626

Check warning on line 127 in plugins/osgi/src/main/java/org/apache/struts2/osgi/DefaultBundleAccessor.java

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Provide the parametrized type for this generic. 

See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AZz8qV99x8DDPyt_bnb2&open=AZz8qV99x8DDPyt_bnb2&pullRequest=1626
View more details on SonarQubeCloud